– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201607-07
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis
========
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 www-client/chromium < 51.0.2704.103 >= 51.0.2704.103
Description
===========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot -v “>=www-client/chromium-51.0.2704.103”
References
==========
[ 1 ] CVE-2016-1672
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672
[ 2 ] CVE-2016-1673
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673
[ 3 ] CVE-2016-1674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674
[ 4 ] CVE-2016-1675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675
[ 5 ] CVE-2016-1676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676
[ 6 ] CVE-2016-1677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677
[ 7 ] CVE-2016-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678
[ 8 ] CVE-2016-1679
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679
[ 9 ] CVE-2016-1680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680
[ 10 ] CVE-2016-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681
[ 11 ] CVE-2016-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682
[ 12 ] CVE-2016-1683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683
[ 13 ] CVE-2016-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684
[ 14 ] CVE-2016-1685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685
[ 15 ] CVE-2016-1686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686
[ 16 ] CVE-2016-1687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687
[ 17 ] CVE-2016-1688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688
[ 18 ] CVE-2016-1689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689
[ 19 ] CVE-2016-1690
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690
[ 20 ] CVE-2016-1691
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691
[ 21 ] CVE-2016-1692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692
[ 22 ] CVE-2016-1693
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693
[ 23 ] CVE-2016-1694
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694
[ 24 ] CVE-2016-1695
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-07
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
<html>
<head>
<meta http-equiv=”content-type” content=”text/html; charset=utf-8″>
</head>
<body bgcolor=”#FFFFFF” text=”#000000″>
<p>
<meta http-equiv=”content-type” content=”text/html; charset=utf-8″>
</p>
<pre style=”color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; white-space: pre-wrap;”>- – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201607-07
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
<a class=”moz-txt-link-freetext” href=”https://security.gentoo.org/”>https://security.gentoo.org/</a>
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis
========
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 www-client/chromium < 51.0.2704.103 >= 51.0.2704.103
Description
===========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot -v “>=www-client/chromium-51.0.2704.103”
References
==========
[ 1 ] CVE-2016-1672
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672</a>
[ 2 ] CVE-2016-1673
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673</a>
[ 3 ] CVE-2016-1674
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674</a>
[ 4 ] CVE-2016-1675
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675</a>
[ 5 ] CVE-2016-1676
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676</a>
[ 6 ] CVE-2016-1677
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677</a>
[ 7 ] CVE-2016-1678
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678</a>
[ 8 ] CVE-2016-1679
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679</a>
[ 9 ] CVE-2016-1680
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680</a>
[ 10 ] CVE-2016-1681
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681</a>
[ 11 ] CVE-2016-1682
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682</a>
[ 12 ] CVE-2016-1683
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683</a>
[ 13 ] CVE-2016-1684
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684</a>
[ 14 ] CVE-2016-1685
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685</a>
[ 15 ] CVE-2016-1686
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686</a>
[ 16 ] CVE-2016-1687
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687</a>
[ 17 ] CVE-2016-1688
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688</a>
[ 18 ] CVE-2016-1689
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689</a>
[ 19 ] CVE-2016-1690
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690</a>
[ 20 ] CVE-2016-1691
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691</a>
[ 21 ] CVE-2016-1692
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692</a>
[ 22 ] CVE-2016-1693
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693</a>
[ 23 ] CVE-2016-1694
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694</a>
[ 24 ] CVE-2016-1695
<a class=”moz-txt-link-freetext” href=”http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695″>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695</a>
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
<a class=”moz-txt-link-freetext” href=”https://security.gentoo.org/glsa/201607-07″>https://security.gentoo.org/glsa/201607-07</a>
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
<a class=”moz-txt-link-abbreviated” href=”mailto:security@gentoo.org”>security@gentoo.org</a> or alternatively, you may file a bug at
<a class=”moz-txt-link-freetext” href=”https://bugs.gentoo.org”>https://bugs.gentoo.org</a>.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.
<a class=”moz-txt-link-freetext” href=”http://creativecommons.org/licenses/by-sa/2.5″>http://creativecommons.org/licenses/by-sa/2.5</a></pre>
</body>
</html>
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.1
iQJ8BAEBCgBmBQJXijVZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5
RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/3+cP/3rHS69LV3KZt6d2GRV6hWWn
vyByjox93RnAolt3HSZOaqnIqnqyod3EP8MaxjAG+bTu0vczqu+nxxMBqx/m+vgY
/RT60wzuGYNIl/Gw8HQsY05eCyP5TUwXqFjWodX8SanrKKVJdJ3ULItor034No1x
MmwN59PHCDu2x/NnEn/UjozrTiUH3UQevo6cRaWfuC+1bPCqCxaQzo0Jdl1lpk/D
1shhyXs8vfqD7E35r3mOBUy7Hwg3RkQAW6ykDtf6VyeC2fK0N5IIQee7hWsX2OlV
UyvBKZuEkeei8mRS2T1zli5IPts3pZyTu/Yy2gc4IoU7/EOW0/WCTkoEXQyyJSoL
9NwzQmgp7TjmeB6xELbIffqLs5UOULWZr10NDKca4m4YsxUVRRvhPjmhfZiT22ns
exhdmXiMwM9qkKe36RSLnsMH28WEgRy6rMXthLqOLugppbFJTZWG1HRoJc7068or
TnSpoPLD5uNPjU8q88RTP1gTegJ3lXnfLjCUdAkpD7GcIpGV3knX8JSRuv6tY5yQ
GwEjQwIwdL35/DCKfklNN0MXOMjlh42nCepH/Ns1BRh1cDt3cPZf2ufi93g9oAA/
+3cm9VehT1Vvq3ND1KQTiBhoYYV2crkpByL2aeNN9MDmgX+g2QHup4BHVAtERap4
KQgq9Q+UDR+mRNCQOwj/
=1Oqi
—–END PGP SIGNATURE—–